Monthly News Roundup - October 2015 (TL;DR)

Post Meta

October was Cybersecurity Awareness Month and look what we got you: A collector’s edition of this month’s news highlights. Network World also did a product overview of Silo. According to the headlines, social engineering is on the rise, Flash remains vulnerable, and organizations that shouldn’t be hacked, are. Here’s a look back at October’s biggest infosec news:

Scottrade Customer Data Leaked: Retail brokerage Scottrade announced that their customers’ personally identifying information had been leaked. The company revealed that Social Security numbers and other contact information for 4.6 million customers were exposed to hackers. The breach took place between 2013 and 2014, but was unknown to Scottrade until they were notified by federal investigators.

Experian Hack Affects T-Mobile Customers: Credit bureau and consumer data broker Experian revealed that 15 million records it was entrusted to keep secure were exposed to criminals. The leaked data came from customer applications for T-Mobile service. The theft included Social Security numbers, dates of birth, names, addresses and driver’s license numbers, as well as credit rating information. Does Experian get a ding on its credit score for sharing everyone else’s?

Social Engineering Hacks Are On The Rise: Phishing and other social engineering attacks are on the rise, according to Verizon’s 2015 Data Breach Investigation Report. Emails disguised as messages from LinkedIn and other social networks trick users into clicking dangerous links and downloading infected attachments. Social networks also offer criminals a way to gather personal details about their potential victims. This information makes it easy for a criminal’s spearphishing email to look like it’s coming from someone familiar to the victim.

National Banking Organization Breached: The American Bankers Association -- an organization representing small, regional and large banks across the country -- suffered a network breach. Email addresses and passwords used to make purchases were compromised according to the organization’s website. To date, the ABA states there are no reports of fraudulent activity.

CIA Director Hacked By A High Schooler: There’s a new way to be the big man on campus -- hack the director of the CIA. That’s what one high schooler did according to the New York Post. The student found sensitive information for Director John Brennan after using a social engineering trick on Brennan’s ISP (Verizon) and hacking the director’s personal AOL account. The trove of information that was uncovered includes Brennan’s application for security clearance, social security numbers and personal information about Brennan’s colleagues, and correspondence from the US Senate.

Cisco Puts The Hurt On International Ransomware Campaign: Cisco researchers have disrupted the Angler Exploit Kit which helps spread ransomware and other malware around the globe. The sleuthy Cisco team determined that half of all Angler’s proxy servers were located with service provider Limestone Networks. By shutting down access to those servers and taking other measures, experts think that Angler’s ransomware revenue may have been reduced from $60 million to $30 million worldwide.

Flash Vulnerability Inspires Call To Uninstall (But There’s A Better Fix): Following the release of its monthly security patch, Adobe announced that vulnerabilities in Flash remain a threat to security. The vulnerability affects Windows, Mac, and Linux versions of Adobe’s software. The announcement inspired many to encourage uninstalling Flash. However, it’s estimated that 10% of all sites still use the plug-in. Our suggestion: Instead of removing Flash and restricting users to 90% of the Web, employ a secure, cloud-based browser to get secure access to everything online.